You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Timothee Maret (JIRA)" <ji...@apache.org> on 2017/01/04 08:42:58 UTC
[jira] [Commented] (SLING-4753) Commit the Resource Resolver before
passing it to Tenant Customizers for setting up their own customizations
[ https://issues.apache.org/jira/browse/SLING-4753?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15797619#comment-15797619 ]
Timothee Maret commented on SLING-4753:
---------------------------------------
[~amitgupt] I am thinking to propose a release of the tenant bundle soon, in order to release the security fix SLING-5240. I think that this release can't be cut without sorting out SLING-4753. Would you be ok with reverting the patch as suggested by [~fmeschbe] or would you see an alternative ?
> Commit the Resource Resolver before passing it to Tenant Customizers for setting up their own customizations
> ------------------------------------------------------------------------------------------------------------
>
> Key: SLING-4753
> URL: https://issues.apache.org/jira/browse/SLING-4753
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Tenant 1.1.0
> Reporter: Agraj Mangal
> Assignee: Amit Gupta
> Fix For: Tenant 1.1.0
>
>
> We should commit the Resource Resolver after creating the Tenant Resource and before passing it on to the Tenant Customizers.
> One possible issue is that one of the Tenant Customizers calls some APIs like PageManager##createPage that does a session.refresh() and rollbacks all the un-committed changes on the resolver so far. That could also include the tenant resource itself.
> Ideally the TenantCustomizers should not call commit on the resolver and let TenantProvider commit the changes, but it would be a good protection against all such cases where we could prevent the tenant resource from getting modified if the TenantCustomizer failed and tried to refresh the session.
> We are experiencing this issue in https://jira.corp.adobe.com/browse/MAC-25410
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)